Cyber Intel Brief: Sept 1 – 7, 2022

Threat Actors

PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

Impacted Industries: All

What You Need To Know:

SentinelOne published a report on a recent phishing campaign by a little-known threat actor that targets PyPI package maintainers in order to infect downstream users with the JuiceStealer malware.

Threat Actor

Raspberry Robin and Dridex: Two Birds of a Feather

Impacted Industries: Utilities, Manufacturing, and Transportation and Warehousing

What You Need To Know:

A recent IBM report asserts a link between malware spread by USB devices and a Russia-based cybercriminal group. The report shows that infections spiked in early June and that attempts to infect clients in the oil and gas, manufacturing, and transportation sectors followed by early August.

Threat Actor

TA505 Group’s TeslaGun In-Depth Analysis

Impacted Industries: Finance and Insurance; but group targets all sectors

What You Need To Know:

The PRODAFT threat intelligence team identified the control panel of a financially motivated threat group. Through the control panel, PRODAFT was able to glean insight into how the organization works.

Threat Landscape

EvilProxy Phishing-As-A-Service With MFA Bypass Emerges In Dark Web

Impacted Industries: All

What You Need To Know:

Resecurity has identified a new Phishing-as-a-Service (PhaaS) advertised on the Dark Web. Their report details the structure, modules, functions, and network infrastructure used to conduct malicious activity and how the service can bypass MFA.


SafeBreach Labs Researchers Uncover New Remote Access Trojan (RAT)

Impacted Industries: All

What You Need To Know:

SafeBreach Labs discovered a previously unknown remote access trojan. During their investigation, SafeBreach identified the developer, who had published the source code to their public GitHub account.


#StopRansomware: Vice Society

Impacted Industries: Education Services

What You Need To Know:

The FBI, CISA, and the Multi-State Information Sharing and Analysis Center released a joint Cybersecurity Advisory regarding Vice Society activity identified through investigations as recently as September 2022.

Exploited Vulnerabilities

Mirai Variant MooBot Targeting D-Link Devices

Impacted Industries: All

What You Need To Know:

Palo Alto’s Unit 42 researchers discovered attacks leveraging several vulnerabilities in D-Link devices. The exploit attempts captured by Unit 42 led to the spread of a botnet that targets exposed networking devices running Linux.

What We Mean When We Say

Estimates of Likelihood

We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms “unlikely” and “remote” imply that an event has a lower than even chance of occurring; they do not imply that it will not occur. Terms like “may” and “might” reflect situations in which we are unable to assess the likelihood, usually because the relevant information is lacking, sketchy, or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.

Confidence in Assessments

Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:

  • High confidence indicates that our decisions are based on reliable information and/or that the nature of the problem allows us to make a sound decision. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
  • Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
  • Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.

